DEV Community: DaisukeYoda

Your Perfect Package Name? Someone Took It in 2014.

DaisukeYoda — Tue, 17 Feb 2026 16:54:46 +0000

The Package Name Land Grab Is Real, and It's Getting Worse

You've Got a Great Name. Someone Else Got There First.

"I've got it. The perfect name."

You type it into pip. Or npm. And there it is: a repo from 2014. Three commits. No README. Last touched when Obama was still president. But the name? Taken.

This is happening to developers every day. Python's user base exploded. JavaScript's ecosystem grew into something nobody planned for. And the central registries that hold it all together, PyPI and npm, are running out of good names. Not just any names. The short, clean, memorable ones that every developer reaches for: json, request, api, test.

Think of them as the Ginza or Manhattan of the digital world. Prime real estate. And it's basically all gone.

This isn't just annoying. It's turning into a real governance problem, one that touches on digital land rights, trust, security, and how we organize shared resources. Let me explain what happened.

How Did We Get Here?

Micro-packages Ate the Namespace

Part of the blame falls on a culture that took a good idea too far. Especially in the npm world.

"Do one thing and do it well." Great principle. Unix got it right. But npm developers ran with it to an absurd extreme. Building a car? Sure, package the tires and the steering wheel separately. But also the bolts. The washers. The paint pigment. Each one gets its own globally unique name.

The poster child here is is-odd. A package that checks if a number is odd. The actual logic? return n % 2 === 1;. That's it. A few lines. And it gets downloaded tens of millions of times a week. Oh, and it depends on is-number. A package to check if something is a number. You can't make this up.

The DRY principle ("Don't Repeat Yourself") was the justification. Fair enough. But nobody stopped to think about what it costs to burn a globally unique name on a one-liner. Stuff that should've stayed as a helper function in your codebase got registered in a shared global registry instead. One by one, the good names disappeared.

Typosquatting Made It Worse

Then there's the security angle. Bad actors register names like requesst or py-requests, banking on someone's typo to slip malware into a build. Registry maintainers have to block these lookalikes preemptively. That means even more names get locked up as buffer zones, squeezing the pool of available names even further.

Why Not Just Reclaim Abandoned Names?

Seems obvious, right? If a package hasn't been touched in a decade, free up the name and let someone else use it. Except people tried that. It went badly.

The event-stream Disaster

In 2018, someone offered to take over maintenance of event-stream, a popular but neglected npm package. The original author handed it off. The new maintainer then quietly injected malware that targeted a specific Bitcoin wallet. Millions of downloads, all trusting the package because of its track record.

When you inherit a name, you inherit the trust attached to it. That trust becomes a weapon.

The left-pad Meltdown

March 2016. A developer named Azer Koçulu got into a fight with npm over a package name ("kik," which a messaging company wanted). npm sided with the company. Koçulu, furious, yanked all 270-something of his packages off the registry.

One of them was left-pad. Eleven lines of code. Pads the left side of a string. Trivial, right? Except Babel depended on it. React depended on it. Node.js depended on it. Builds broke everywhere. The JavaScript ecosystem ground to a halt over eleven lines.

The takeaway was brutal: even a tiny, ancient, seemingly insignificant package might be holding up critical infrastructure somewhere. You can't just delete things.

npm now restricts package deletion because of this. Once it's published, it stays.

Who Decides "Abandoned"?

There's a more basic problem too. How do you tell the difference between a project that's abandoned and one that's just... done? A library that does its job and doesn't need updates? You'd have to contact the owner, review the code, check downstream dependencies. For millions of packages. On a volunteer basis. That's not happening. So names stay locked up, basically forever. Retired jersey numbers.

Three Ecosystems, Three Philosophies

The major language communities have taken very different approaches to this mess.

Python and JavaScript: Tightening the Rules

PyPI and npm started out as open markets. Publish whatever you want, name it whatever you want. Freedom. That era's over. Both registries now require two-factor auth. Python has PEP 541, a formal process for reclaiming names from dead projects. npm has similar policies.

The free frontier turned into a city with zoning laws.

What's PEP 541? A 2017 Python Enhancement Proposal that spells out how to handle name disputes on PyPI. It covers abandoned projects, trademark claims, and name squatting. Basically, it's the rulebook for who gets to keep a name.

Go: Skip the Registry Entirely

Go did something different. No central registry at all. Your import path is just a URL: github.com/someone/something. The domain name is the namespace. Problem solved?

Not quite. Repos get deleted. Accounts get nuked. Your build breaks because someone's GitHub disappeared. So Google built a proxy (proxy.golang.org) that caches everything centrally. They ended up with a hybrid: names are decentralized, but the data is backed up in one place.

Zooko's Triangle says you can pick two out of three: human-readable names, globally unique names, or decentralized names. You can't have all three. Go tried to get around it. They got two and a half.

Rust: Once Published, Published Forever

Rust came late enough to learn from everyone else's mistakes. Cargo's rule is simple: you can't delete a published package. Period. They also chose not to add user scopes (@user/package). The whole namespace is shared, like a public park, and it's managed accordingly.

The thinking: if one person walks away from a project, the community can keep it alive. Your bus factor goes up. "Digital urban planning," essentially.

The Tragedy of the Commons, Software Edition

Here's the pattern: a shared resource (the namespace) is open to everyone, so individuals grab names "just in case," and the collective suffers. Classic commons problem.

What's weird is how differently we treat package names versus domain names. Domain names are private property. People buy and sell them openly. A good .com can fetch six or seven figures. But try selling a PyPI package name and the community will eat you alive.

There's a deep-seated belief in open source that names belong to everyone. They're commons, not assets. Selling one feels like a betrayal. So the "if you don't need it, sell it" pressure valve that works for domains doesn't exist here. Names just sit there. Unused. Unreleased. Stuck.

And yet we keep chasing flat, unscoped names when @user/package exists as a solution. Why? Because requests feels like a brand. @some-person/requests doesn't. We want the prime real estate, not a unit in a subdivision.

What Comes Next?

Name scarcity is only going to get worse. But a couple of ideas are floating around.

One is AI-driven resolution. Maybe humans don't need to remember package names at all. You describe what you need, and an AI pulls the right package by hash or by function signature. Names become metadata, not identifiers.

Another is reputation-based allocation. Instead of first-come-first-served, names could flow toward maintainers with track records. Trust scores, contribution history, community endorsement. Something more fluid.

Both of these are speculative. For now, we're stuck with the system we've got: a flat namespace that's mostly full, governed by rules that were written after things broke.

Next time you come up with the perfect package name, check the registry first. Odds are, someone beat you to it in 2013. Their repo has one file in it. And there's nothing you can do about it.

Maybe that's fine. Maybe the era of human-readable names as the primary interface is ending anyway. The next "great name" you come up with might not be for a human reader. It might be a prompt.

I'm not sure how I feel about that yet.

From CLI to GitHub Bot: Building a Code Management AI for Python

DaisukeYoda — Sat, 07 Feb 2026 06:58:40 +0000

Four months ago, I built a CLI tool to scan my own messy Python code.

Today it's a GitHub bot that audits entire repositories. Here's how it evolved and what I learned at each stage.

Stage 1: pyscn CLI — Measure First

It started with a frustration. I was vibe-coding fast with AI tools, but my codebase was getting worse. I needed numbers, not feelings.

So I built pyscn — a static analysis engine in Go with tree-sitter. It scans Python code and gives you a Health Score (0–100) based on:

Cyclomatic complexity
Dead code
Code clones (copy-paste detection)
Module coupling

uvx pyscn analyze .

One command. Full HTML report.

I wrote about the details here: Pyscn: The Code Quality Analyzer for Vibe Coders

What surprised me

I ran pyscn on Flask and FastAPI to see how "clean" famous open-source projects actually are. The results were eye-opening — even well-maintained projects have hidden complexity.

Full breakdown: How Clean Is Famous Open Source Code? I Measured Flask and FastAPI.

Stage 2: MCP Server — Let AI Use It

The CLI worked, but I wanted Claude and other AI tools to use pyscn directly during coding sessions. So I wrapped it as an MCP server.

Now your AI assistant can check code quality in real-time while you're working.

Details: Analyzing Python Code Quality via MCP

Stage 3: pyscn-bot — Automate Everything

The CLI and MCP were useful, but they required someone to remember to run them. The real problem is: nobody audits the codebase regularly.

So I built pyscn-bot — a GitHub App that:

Weekly audits your full repository and posts findings as GitHub Issues
Reviews PRs with architecture-aware comments
Reports in 8 languages — English, Japanese, Chinese, and more
Zero config — install and it just works

The key difference from other code review bots: pyscn-bot doesn't just look at diffs. It analyzes your entire codebase every time.

Full writeup: pyscn-bot: A Periodic Code Audit AI Agent for Vibe Coders

What's Next

pyscn-bot is launching on Product Hunt today:

👉 Pyscn Bot on Product Hunt

If you vibe-code in Python, try the Health Score on your repo. It's free.

I'd love to hear what you think — drop a comment here or find me on X (@pyscn_official).

How Clean Is Famous Open Source Code? I Measured Flask and FastAPI.

DaisukeYoda — Wed, 21 Jan 2026 12:21:09 +0000

The engineers behind famous OSS are elite. No question.

But even well-maintained codebases grow — and growth has a cost.

Does "famous" still mean "high quality" after years of evolution?

I pointed a static analyzer at Flask and FastAPI to find out.

How I Measured

I ran pyscn — an open-source Python static analyzer — on both frameworks. Unlike traditional linters that focus on style, pyscn measures structural quality: how complex the functions are, how tangled the classes are, how much code is duplicated, whether modules import each other in circles, whether any code is never called, and an overall health score.

What makes pyscn useful for this kind of comparison is that it outputs everything in a single run. No need to combine multiple tools or normalize different scoring systems. Same metrics, same scale, same conditions.

ludo-technologies / pyscn

An Intelligent Python Code Quality Analyzer

A code quality analyzer for Python vibe coders.

Building with Cursor, Claude, or ChatGPT? pyscn performs structural analysis to keep your codebase maintainable.

Working with JavaScript/TypeScript? Check out jscan

Quick Start

# Run analysis without installation
uvx pyscn@latest analyze .
# or
pipx run pyscn analyze .

Demo

demo.mp4

Features

🔍 CFG-based dead code detection – Find unreachable code after exhaustive if-elif-else chains
📋 Multi-algorithm clone detection (Type 1-4) – Identify refactoring opportunities with LSH acceleration
🔗 Coupling metrics (CBO) – Track architecture quality and module dependencies
📊 Cyclomatic complexity analysis – Spot functions that need breaking down

100,000+ lines/sec • Built with Go + tree-sitter

MCP Integration

Run pyscn analyses straight from AI coding assistants via the Model Context Protocol (MCP). The bundled pyscn-mcp server exposes the same tools used in the CLI to Claude Code, Cursor, ChatGPT, and other MCP clients.

MCP Use Cases

You can interact with…

View on GitHub

I grabbed the latest releases (Flask 3.1.1, FastAPI 0.115.12) and analyzed only the core source. No tests or docs — just the real code.

Here's what 71 files told me:

Metric	FastAPI	Flask
Health Score	68 (C)	77 (B)
Avg Complexity	10.07	7.57
Code Duplication	2.2%	0%
Coupling (CBO)	2.23	1.39
Circular Deps	0	1
Architecture	94.3%	100%

These numbers are raw output from a general-purpose tool — not tuned for each framework's specific goals or context.

That said, the architecture scores speak for themselves: both above 94%. The health scores look modest (C and B), but that's what happens with large, mature codebases. Look at the individual metrics — low coupling, minimal duplication, almost no dead code — and you can tell these projects are well-maintained.

Let's look at what's behind each number.

What the Numbers Actually Mean

Complexity: The Cost of Features

FastAPI's most complex function scores 28 on cyclomatic complexity. It's responsible for automatic OpenAPI schema generation — a feature Flask doesn't include in core.

Flask has its own complex spots, like find_app_by_string at 22. But the complexity serves different purposes: one builds API specifications automatically, the other handles CLI app discovery.

Coupling: The OpenAPI Tax

FastAPI has 3 classes with high coupling (CBO >= 8). The highest is 12 — a class that needs to know about schemas, references, responses, headers, and more. That's what happens when you build OpenAPI specs programmatically.

Flask's maximum coupling is 6, from the core Flask class itself.

This isn't a design flaw. OpenAPI-first architecture requires components to be aware of each other. FastAPI chose that trade-off deliberately.

The Circular Dependency Surprise

Here's where FastAPI actually wins. Zero circular dependencies.

Flask has one cycle involving 6 modules:

blueprints ←→ sansio.blueprints
blueprints  → sansio.scaffold
debughelpers → blueprints
debughelpers → sansio.app
sansio.app  → templating

This is 14 years of organic growth. It works, but it makes deep refactoring harder. Newer codebases benefit from hindsight. FastAPI's clean dependency graph reflects lessons learned from predecessors.

Duplication: Compatibility Costs

FastAPI's 2.2% duplication lives mostly in _compat modules — supporting both Pydantic v1 and v2.

Flask: 0%. Minimal surface area means less to duplicate.

Supporting multiple library versions costs code cleanliness. Sometimes that's worth it.

The Real Lesson

These numbers don't pick a winner. They reveal trade-offs.

FastAPI's higher complexity and coupling aren't accidents. They're the cost of automatic OpenAPI docs and type-driven validation baked into the core. The duplication exists to support multiple Pydantic versions. Every metric tells a story of deliberate choices.

Flask takes the opposite path. Lower complexity because the core stays minimal. Lower coupling because features live in extensions. The circular dependency is 14 years of organic growth. Not ideal, but stable.

Both frameworks have zero dead code. Both are maintained by teams who know exactly what they're doing.

But that's the point. Even codebases this well-maintained have spots worth revisiting. A circular dependency here, gradual coupling there. Tools like pyscn make these patterns visible, giving even experienced engineers a fresh perspective on code they see every day.

What About Your Code?

Want to see where your project lands? No installation needed. Just use the following command

uvx pyscn@latest analyze .

Example:

You might find circular dependencies you didn't know about. Or coupling that's grown out of control. Or hopefully confirmation that your architecture is solid.

The goal isn't perfection. It's awareness.

Built with pyscn. Analysis performed January 2026.

pyscn-bot: A Periodic Code Audit AI Agent for Vibe Coders

DaisukeYoda — Wed, 07 Jan 2026 13:19:12 +0000

In the Age of AI-Generated Code, How Are You Managing Quality?

Cursor, Claude Code, ChatGPT-the arrival of AI coding assistants has dramatically accelerated development speed. We now live in an era where you can build "something that works" in just minutes.

This development style is called "Vibe Coding." It's an approach where you interact with AI to generate code quickly, without overthinking the finer points of design.

However, Vibe Coding has its pitfalls.

As your project grows, have you noticed your codebase becoming "sluggish," "hard to navigate," or "full of similar code scattered everywhere"? AI-generated code works, but it often carries structural problems beneath the surface.

pyscn-bot was created to solve this problem.

What Is pyscn-bot?

pyscn-bot is an AI agent that periodically audits your entire Python codebase. Simply install it on your GitHub repository, and it will automatically detect code quality issues on a weekly (or daily) basis, reporting them as GitHub Issues.

Although it was just officially released in January 2026, it has already generated buzz on Hacker News, with reactions like "This is genuinely useful for reviewing AI-generated code" and "Essential for maintaining architectural health."

Official website: https://pyscn.ludo-tech.org/

Why You Need pyscn-bot

The Limitations of Traditional AI Code Review Bots

There are many AI code review tools on the market. However, most of them are simply "LLM wrappers" that pass PR diffs to an LLM.

LLM wrappers have a fundamental limitation: they only examine the changed diff, making it impossible to evaluate the overall health of the codebase. Individual PRs may look fine, but the architecture can gradually collapse as changes accumulate-and these tools cannot detect that.

pyscn-bot's Approach

pyscn-bot takes a fundamentally different approach.

Its proprietary static analysis engine, "pyscn," scans the entire codebase and quantitatively measures complexity, duplication rates, dependencies, and more. This is algorithmic measurement, not LLM-based guesswork.

On top of that, AI interprets the measurement results and generates specific improvement suggestions. This enables evidence-based recommendations like: "This function has a complexity score of 23, far exceeding the recommended threshold of 10. Consider splitting it into the following three functions."

You can see details: How it works

What pyscn-bot Detects

Overly Complex Functions

AI writes code that works, but it doesn't necessarily write simple code. Functions with 10+ levels of nested conditionals, monolithic functions exceeding 100 lines—such code is hard to test and becomes a breeding ground for bugs.

pyscn-bot measures cyclomatic complexity and identifies functions that need to be split.

Duplicate Code

Have you ever thought "I've built something similar before" while having AI generate new code? In Vibe Coding, subtle variations of the same logic tend to proliferate throughout the codebase.

pyscn-bot uses the APTED (tree edit distance) algorithm to detect structurally similar code. Even if variable names differ, it won't miss code with identical logic.

Dead Code

When you modify functionality, do you forget to remove the old code? AI adds new code, but it doesn't delete code that's no longer needed.

pyscn-bot constructs a Control Flow Graph (CFG) to identify unreachable code and unused functions or variables. It can discover logic-level issues that text-based linters would miss.

Tightly Coupled Architecture

Have you ever felt that "this change has a bigger impact than I expected"? When dependencies between modules become complex, small changes can ripple to unexpected places.

pyscn-bot measures coupling metrics (CBO) and visualizes the health of your architecture.

The Philosophy of Periodic Auditing

The defining feature of pyscn-bot is its "periodic auditing" philosophy.

PR-by-PR reviews only show whether individual changes are problematic. However, 100 seemingly fine PRs can accumulate to degrade the entire codebase. This phenomenon is known as "technical debt accumulation."

pyscn-bot scans your entire repository weekly (or daily on the PRO plan) and creates reports as GitHub Issues. This enables you to monitor degradation that's difficult to notice during day-to-day development.

Automating "health checkups" for your codebase—that's the value pyscn-bot delivers.

The Power of the "pyscn" Static Analysis Engine

The static analysis engine "pyscn" that powers pyscn-bot is built with Go and Tree-sitter.

Processing speed exceeds 100,000 lines per second. Even large codebases can be analyzed in seconds. This speed is what makes periodic full-repository scans practical.

pyscn is open source and can be used locally. Simply run uvx pyscn analyze . from the command line to generate an HTML report.

GitHub: https://github.com/ludo-technologies/pyscn

Integration with AI Assistants

Beyond pyscn-bot, pyscn includes a built-in MCP (Model Context Protocol) server. This allows AI coding assistants like Claude Code and Cursor to directly invoke pyscn's analysis capabilities.

AI detects issues, AI proposes fixes, AI executes refactoring—a fully automated code quality improvement workflow becomes possible.

Build fast with Vibe Coding, ensure quality with pyscn. This cycle may become the defining development style of the AI era.

Pricing Plans

Free

Weekly code audits are available for free. Try it on your own repository first.

PRO ($10/month)

Daily audits, per-PR code reviews, and advanced analysis models. Includes a 14-day free trial.

Weekly audits are completely free. You can visualize the health of your codebase at no cost.

A Message to Vibe Coders

The speed of writing code with AI will only increase from here. But as speed increases, so does the importance of quality management.

Shifting from "it works, so it's fine" to "it's maintainable, so it's fine"—this perspective is the key to long-term project success.

pyscn-bot automatically monitors code quality without compromising the freedom of Vibe Coding. Having something that reports issues you wouldn't notice on a weekly basis—there's nothing more reassuring.

Please try installing it on your repository and give your codebase a "health checkup."

Links:

Official website: https://pyscn.ludo-tech.org
GitHub: https://github.com/ludo-technologies/pyscn
Developer: https://www.ludo-tech.org

Managing the Quality of AI-Generated Python Code

DaisukeYoda — Fri, 28 Nov 2025 17:10:13 +0000

AI coding is ridiculously convenient.

When you're using Claude or Cursor, writing code from scratch starts to feel pointless. Give it instructions, and working code comes out. It even writes tests for you. Development speed has definitely improved.

According to Google's research, 50% of code in the industry is now generated by AI.

AI in software engineering at Google: Progress and the path ahead

research.google

In this article, I'll introduce two incredibly useful tools that I use when programming with AI coding agents.

Rather than leaving everything to AI, combining these tools dramatically improves code maintainability. And the larger your codebase becomes, the more AI agents can demonstrate their true potential.

Why Static Analysis Tools Are Necessary

Code written by AI still needs maintenance. As projects grow larger, AI struggles to grasp everything. And the worse the code quality, the worse AI's capabilities become.

AI has a constraint called the context window. There's a limit to how much code it can read at once. That's precisely why codebases need to be "readable" and "well-organized."

Specifically, here's what happens with poor-quality codebases:

When duplicate code is scattered everywhere, AI repeatedly suggests similar fixes
Overly complex functions are difficult even for AI to understand, leading to off-target suggestions
When dependencies become spaghetti-like, AI misjudges the impact scope of changes

Finding these problems manually is exhausting. However, static analysis tools can detect them mechanically, consistently, and quickly.

That's why we use static analysis tools to maintain codebase quality. By eliminating problems that can be checked mechanically, AI can focus on more essential work.

Enter Ruff: The Static Analysis Tool

The Python development ecosystem was once a battlefield of competing linters.

Flake8 for code style, isort for import ordering, pydocstyle for docstrings, Bandit for security checks... Each tool needed to be installed separately, versions managed individually, and configuration file conflicts caused endless headaches. It wasn't uncommon to be exhausted just from environment setup.

Ruff ended this chaos.

Ruff comprehensively incorporates the functionality of these existing major tools. Moreover, it's not just a wrapper (a mere collection). Since the internal logic is reimplemented from scratch in Rust, it not only unifies tools but operates at astonishing speed.

"Tool management overhead" and "execution wait time." Ruff solves both of these problems—which had become bottlenecks for development speed in the AI era—with a single tool.

Enter Pyscn: A Code Design Diagnostic Tool for the AI Era

Ruff is certainly excellent. However, its scope is limited to syntax-level checks. Unused imports, naming convention violations, improper indentation—these are important, but determining whether a codebase is truly "healthy" requires deeper analysis.

Code generated by AI has common problems. Similar logic gets copied everywhere, functions bloat and become complex, and inter-module dependencies become spaghetti-like. These issues occur even when all Ruff rules pass.

This is where pyscn comes in.

pyscn is a static analysis tool that analyzes the structural quality of Python code. Built with Go and tree-sitter, it processes over 100,000 lines per second while providing the following advanced analyses:

Analysis	What It Reveals
Cyclomatic Complexity	Detects functions that have become difficult to understand due to excessive branches and loops
Dead Code Detection	Finds unreachable code after `return` statements and dead branches after exhaustive if-elif-else
Code Clone Detection	Detects copy-pasted similar code using tree edit distance and suggests refactoring candidates
Coupling Metrics (CBO)	Visualizes dependencies between classes and warns about tightly coupled modules

If Ruff corrects "how code is written," pyscn diagnoses "how code is designed." They don't compete—they complement each other.

# Execute instantly without installation
uvx pyscn analyze .

With just this, an HTML report is generated, visualizing the quality of your entire codebase.

Integration with AI Coding Tools: Unleashing pyscn's True Potential

pyscn's true value emerges not just from standalone use, but from combining it with AI coding tools. By passing diagnostic results to AI, you can automate complex refactoring all at once.

Use Case 1: Quality Check with Claude Code Slash Commands → Instant Refactoring

In Claude Code, you can define custom slash commands simply by placing markdown files in .claude/commands/.

<!-- .claude/commands/check-quality.md -->
Use the uvx pyscn@latest check src/ command to verify code quality. I want to refactor problematic code.

With this prepared, just typing /check-quality in Claude Code executes pyscn diagnostics and AI refactoring suggestions in one shot.

Detect high-complexity functions → Suggest function splitting → Apply on the spot. All of this completes with a single conversation.

Use Case 2: Detect Code Clones via MCP → Consolidate

In Cursor and Claude Desktop, you can call pyscn directly through MCP (Model Context Protocol).

{
  "mcpServers": {
    "pyscn-mcp": {
      "command": "uvx",
      "args": ["pyscn-mcp"]
    }
  }
}

After configuration, just give this instruction:

"Find duplicate code and extract it into a common function"

pyscn detects similar code using tree edit distance, and AI makes consolidation suggestions based on the results. Clone pairs found with 92% similarity are transformed into a single reusable function.

Use Case 3: Quality Gate in CI/CD

# GitHub Actions
- run: pipx run pyscn check --max-complexity 15 .

Stop the build when complexity exceeds the threshold. Even for AI-generated code, you can ensure quality through mechanical rules.

Conclusion: The Future of pyscn

pyscn is currently under active maintenance. We continuously release bug fixes and feature improvements, and actively respond to GitHub Issues and PRs.

For future development, we're preparing automatic review and fix functionality using LLMs. pyscn detects problem areas, AI automatically analyzes them and presents fix proposals—we're aiming for a world where humans just approve the suggestions.

Additionally, we're actively developing jscan, a sister tool for JavaScript/TypeScript. We'll bring the same structural analysis as pyscn to frontend development.

In an era where AI writes code, mechanisms to protect code quality become more important than ever. Use Ruff to organize syntax, use pyscn to diagnose design. With this two-tier approach, keep your codebase healthy.

uvx pyscn analyze .

First, try it on your project.

If you like it, please give us a Star on the GitHub repository. Contributions via Issues and Pull Requests are also very welcome!

See also: For more details on pyscn, check out this article:

Managing the Quality of AI-Generated Python Code

DaisukeYoda ・

#python #ai #cli #tooling

Analyzing Python Code Quality via MCP

DaisukeYoda — Sat, 18 Oct 2025 23:51:41 +0000

Introduction

I recently released pyscn, a Python code quality analyzer. The response has been incredible - we reached 850 stars on GitHub within just two weeks, and PyPI statistics show it's being actively used by many developers. I'm deeply grateful to everyone who uses pyscn and to all the contributors.

Today, I'm excited to announce pyscn version 1.2.0, which introduces MCP (Model Context Protocol) support - a highly requested feature. This integration allows AI assistants to analyze Python code quality directly. (Special thanks to qinsehm1128 for implementing this feature!)

Setup

Setting up pyscn MCP is straightforward.

For Claude Code users, you can add the MCP server with a single command:

claude mcp add pyscn-mcp uvx -- pyscn-mcp

For other MCP clients like Cursor, add the following to your config file (e.g., ~/.config/claude-desktop/config.json):

{
  "mcpServers": {
    "pyscn-mcp": {
      "command": "uvx",
      "args": ["pyscn-mcp"],
      "env": {
        "PYSCN_CONFIG": "/path/to/.pyscn.toml"
      }
    }
  }
}

Usage

Once configured, simply ask your AI assistant things like:

"Analyze the code quality of the app/ directory"
"Find duplicate code and help me refactor it"

Claude or ChatGPT will invoke the MCP tools to analyze and help refactor your code.

Features

pyscn MCP currently provides the following tools:

analyze_code - Comprehensive code quality analysis (all analyses at once)
check_complexity - Cyclomatic complexity analysis (McCabe complexity, nesting depth)
detect_clones - Code clone detection (APTED + LSH, Type 1-4 clones)
check_coupling - Class coupling analysis (CBO metrics)
find_dead_code - Dead code detection (CFG-based, unreachable code)
get_health_score - Code health score (0-100 points, grades A-F)

Conclusion

Give pyscn MCP a try and integrate code quality analysis into your development workflow. Clean code design makes AI-assisted coding far more efficient.

If you have feedback, please share it via comments, X (Twitter), or GitHub issues. Real-world usage feedback is invaluable for improving the product.

Links:

Article: https://dev.to/daisukeyoda/pyscn-the-code-quality-analyzer-for-vibe-coders-18hk
GitHub: https://github.com/ludo-technologies/pyscn
PyPI: https://pypi.org/project/pyscn/
X: https://x.com/pyscn_official

Pyscn: The Code Quality Analyzer for Vibe Coders

DaisukeYoda — Sun, 12 Oct 2025 00:03:23 +0000

Summary

Are you riding the wave of Vibe Coding with AI assistants, churning out code faster than ever? The speed is thrilling — but how do you keep your codebase clean, maintainable, and scalable?

I've created pyscn, a high-speed code quality analyzer for Python, built with Go. It's designed specifically for modern developers who leverage AI tools like Claude Code, Codex, and more.

Why I Built It

AI coding assistants are powerful allies. However, as projects grow in scale and complexity, relying solely on AI-generated code can lead to a tangled mess. Many developers have experienced this: the codebase becomes difficult to navigate, and what started as rapid development slows to a crawl.

I noticed a few common pitfalls in this new era of vibe-driven development:

Code Duplication: Subtle variations of the same logic creeping into different parts of the codebase.
Complex Dependencies: Modules becoming tightly coupled without a clear architectural vision.
Deeply Nested Functions: Logic that is hard to read, test, and debug.

pyscn was born out of the need to address these issues. It analyzes your code for these specific problems, helping you catch "technical debt" introduced by AI-assisted coding before it becomes a major headache.

Getting Started

The easiest way to try pyscn is to run it without installation, directly in your project directory.


# If you use pipx
pipx run pyscn analyze .

# Or if you use uv
uvx pyscn analyze .

(Note: if you've ever tried pyscn before, use uvx pyscn@latest analyze . to use latest version.)

Usage

pyscn has two main commands to fit your workflow:

`pyscn analyze`: In-Depth Analysis & Reporting

This command performs a comprehensive analysis and generates a beautiful, interactive HTML report. It gives you a bird's-eye view of your project's health, highlighting dead code, overly complex functions, and code clones.

`pyscn check`: Quick Code Health Checks in Your Terminal

This command is designed for automation. It acts like a linter, scanning your code for issues and reporting them directly in the terminal. If it finds code that exceeds your configured thresholds (e.g., cyclomatic complexity greater than 15), it will exit with an error code, failing the check. This makes it perfect for integrating into your pre-commit hooks or CI/CD pipeline.

Here’s a quick example with uvx pyscn@latest check testdata:

testdata/python/simple/dead_code_simple.py:12:1: unreachable_after_return(critical)
testdata/python/edge_cases/nested_structures.py:0:1: main is too complex (23 > 10)
testdata/python/edge_cases/python310_features.py:116:1: clone of testdata/python/simple/control_flow.py:133:1 (similarity: 99.3%)
testdata/python/edge_cases/python310_features.py:49:1: clone of testdata/python/edge_cases/python310_features.py:143:1 (similarity: 99.2%)

As you can see, it pinpoints the exact location of issues like unreachable code and potential code clones.

The Reaction from Hacker News

I officially released version 1.0.0 last week and posted it on Hacker News. The response was far greater than I had imagined.

The post sparked a lively discussion around "Vibe Coding" and the challenges of maintaining code quality in the age of AI. It was incredibly valuable to hear from core developers. Comments like, "This could be really useful for reviewing AI-generated code" and "This is important for maintaining architectural sanity," affirmed that pyscn is solving a real-world problem.

What's Next

This is just the beginning for pyscn. I'm actively exploring new features, many of which are still in the conceptual stage beyond what's listed in the GitHub Issues.

Two of the most requested features are:

Expanding support to JavaScript/TypeScript.
Integration with AI agentic workflows (e.g., allowing AI agents to use pyscn's analysis to autonomously review and refactor code).

I'm excited about the future of pyscn and would love to hear your ideas! Feel free to open an Issue or start a Discussion on GitHub.

ludo-technologies / pyscn

An Intelligent Python Code Quality Analyzer

A code quality analyzer for Python vibe coders.

Building with Cursor, Claude, or ChatGPT? pyscn performs structural analysis to keep your codebase maintainable.

Working with JavaScript/TypeScript? Check out jscan

Quick Start

# Run analysis without installation
uvx pyscn@latest analyze .
# or
pipx run pyscn analyze .

Demo

demo.mp4

Features

🔍 CFG-based dead code detection – Find unreachable code after exhaustive if-elif-else chains
📋 Multi-algorithm clone detection (Type 1-4) – Identify refactoring opportunities with LSH acceleration
🔗 Coupling metrics (CBO) – Track architecture quality and module dependencies
📊 Cyclomatic complexity analysis – Spot functions that need breaking down

100,000+ lines/sec • Built with Go + tree-sitter

MCP Integration

MCP Use Cases

You can interact with…

View on GitHub

Happy coding!

DEV Community: DaisukeYoda

Your Perfect Package Name? Someone Took It in 2014.

You've Got a Great Name. Someone Else Got There First.

How Did We Get Here?

Micro-packages Ate the Namespace

Typosquatting Made It Worse

Why Not Just Reclaim Abandoned Names?

The event-stream Disaster

The left-pad Meltdown

Who Decides "Abandoned"?

Three Ecosystems, Three Philosophies

Python and JavaScript: Tightening the Rules

Go: Skip the Registry Entirely

Rust: Once Published, Published Forever

The Tragedy of the Commons, Software Edition

What Comes Next?

From CLI to GitHub Bot: Building a Code Management AI for Python

Stage 1: pyscn CLI — Measure First

What surprised me

Stage 2: MCP Server — Let AI Use It

Stage 3: pyscn-bot — Automate Everything

What's Next

How Clean Is Famous Open Source Code? I Measured Flask and FastAPI.

How I Measured

ludo-technologies / pyscn

An Intelligent Python Code Quality Analyzer

Quick Start

Demo

Features

MCP Integration

MCP Use Cases

What the Numbers Actually Mean

Complexity: The Cost of Features

Coupling: The OpenAPI Tax

The Circular Dependency Surprise

Duplication: Compatibility Costs

The Real Lesson

What About Your Code?

pyscn-bot: A Periodic Code Audit AI Agent for Vibe Coders

In the Age of AI-Generated Code, How Are You Managing Quality?

What Is pyscn-bot?

Why You Need pyscn-bot

The Limitations of Traditional AI Code Review Bots

pyscn-bot's Approach

What pyscn-bot Detects

Overly Complex Functions

Duplicate Code

Dead Code

Tightly Coupled Architecture

The Philosophy of Periodic Auditing

The Power of the "pyscn" Static Analysis Engine

Integration with AI Assistants

Pricing Plans

A Message to Vibe Coders

Managing the Quality of AI-Generated Python Code

AI in software engineering at Google: Progress and the path ahead

Why Static Analysis Tools Are Necessary

Enter Ruff: The Static Analysis Tool

Enter Pyscn: A Code Design Diagnostic Tool for the AI Era

Integration with AI Coding Tools: Unleashing pyscn's True Potential

Use Case 1: Quality Check with Claude Code Slash Commands → Instant Refactoring

Use Case 2: Detect Code Clones via MCP → Consolidate

Use Case 3: Quality Gate in CI/CD

Conclusion: The Future of pyscn

Managing the Quality of AI-Generated Python Code

DaisukeYoda ・

Analyzing Python Code Quality via MCP

Introduction

Setup

Usage

Features

Conclusion

Pyscn: The Code Quality Analyzer for Vibe Coders

Summary

Why I Built It

Getting Started

Usage

pyscn analyze: In-Depth Analysis & Reporting

pyscn check: Quick Code Health Checks in Your Terminal

The Reaction from Hacker News

`pyscn analyze`: In-Depth Analysis & Reporting

`pyscn check`: Quick Code Health Checks in Your Terminal